Red Hat
May 26, 2016
by Stian Thorgersen

Keycloak 1.9.5.Final has just been released. There's one change worth highlighting in this release. We've increased the default password hashing intervals to 20000. Yes, you read that right. We've actually recommended using 20000 for a while now, but the default was only 1. This is a clear trade-off between performance and how secure passwords are stored. With 1 password hashing interval it takes less than 1 ms to hash a password, while with 20000 it takes tens of ms.

For the full list of resolved issues check out JIRA and to download the release go to the Keycloak homepage.

Original Post